Could a Stock Buyback of 2.9 million shares be a factor in TuCow’s Slow Response?
TuCows (NYSE AMEX:TCX, TSX:TC) , out in the pasture?! With possibly 6M consumers affected my Malware spread through popular web portals, ground zero for the Malware attacks came from a known vulnerability in OpenX’s Ad server. Among the affected carriers, TuCows, Pirate Bay, ESarcasm And AfterDawn among the effected carriers. According to Web security vendor Dasient, an estimated 1.6M ads may have been served daily. According to Adreka social analytics, appearances of social reports, earmarking the malware attack may have started as early as the over the past 96 hours, and may have begun it’s proliferation as easily as midnight, 11th of September 2010.
CyberInsecure reported that the malicious code was being loaded from external domains registered to an address in Russia and was targeted the Microsoft Windows Help Center vulnerability patched earlier this year, the successful exploitation led to a variant of the Bredolab trojan being installed on the victim’s computer. This threat is known a distribution platform for rogue antivirus programs.
TuCows general manager, Andy Walker, confirmed for ParetoLogic that the incident was the result of hackers compromising the OpenX server used by the company to deliver ads. “We detected the intrusion, patched the vulnerability in OpenX and resolved the issue quickly,” the company representative noted. According to Adreka’s Social Monitoring, the OpenX vulnerability issue was known as early as May, 2010, as reported by dozens of active OpenX communities, programmers, and malware boards.
Moreover, less than 12 hours ago, my attempts to access the TuCow’s main site and affiliate pages resulted in AVG halting my systems infection. So exactly why was the largest software company in North America, out to pasture when their systems, webmasters, and millions of consumers were being affected by a massive malware attack?
Granted it a cow’s top speed, is 5.5 mph, so TuCow’s should get there in ½ the time? – LOL
As a question, NOT AS AN ACQUISITATION, could the deadline for TuCow’s slow response come in the wake of the company trying to push their existing investor base to sell 2.9 million shares back to the company in a Dutch auction, what expires on September 17th 2010? According to their own financial release, dated September 9th 2010, TuCow’s intends to commence a modified “Dutch auction” tender offer to repurchase up to 2,900,000 shares of common stock, representing approximately 5.1% of Tucows’ outstanding shares. The tender offer is expected to commence on Friday, September 17, 2010 and to expire, unless extended, at 5:00 P.M., New York City Time, on Tuesday, October 19, 2010. Tucows also announced that it has terminated its normal course issuer bid commenced in February 2010 pursuant to which Tucows has repurchased 3,409,300 shares of common stock.
As a past investment banker and now current media evangelist, you have to ask the question, unless their technology team was completely out to pasture, could long term financial gain been the catalyst for a Cow Speed Response, in relation for all other systems effected?
Hi John,
I work for Tucows and I'd like to clarify some of the information in your post.
You are correct that, like many sites, tucows.com uses the OpenX open source ad server software.
You are also correct that, once again like many other sites, we where exposed to a vulnerability through OpenX for a period of time (hours, not days) before we became aware of the situation.
Luckily, the same day we noticed the exploit (September 14th) the OpenX community released a patch that resolved the exploit.
There was then another short period of time (the evening of the 15th) before we realized that during the exploit several additional backdoors had been opened on the server.
We have now done a complete rebuild of the server using the latest version of everything and we believe that we are now fully secure.
It is important to note that this exploit was specific to OpenX and is in no way related to Tucows or to any of the software downloads available through our site. Similarly, this server is in no way connected to our content mirror sites, our reseller network, or to any of the domains we provide through that reseller network.
As for the impact to site visitors, it's probably best to look at what needs to have happened for them to have an issue.
If someone came to our site and IF they did it during that particular period of time and IF they went to a page with an ad served by OpenX and IF the exploit tried to download malware to their machine and IF that machine was running Windows XP and IF they didn't have recent security patches on their machine and IF they weren't running anti-virus software, then they may have had malware downloaded to their machine. If that is the case, they'll want to update their software and check to see if their machine was affected.
So the length of time and the scope of the vulnerability is dramatically different than what you have estimated. Of course we're seriously sorry that there was ANY period of time that we were vulnerable and we're redoubling our efforts to make sure this sort of thing doesn't happen in the future.
BTW, we rarely let our finance and corporate communications teams work on our ad servers so the fact we have a share buyback happening doesn't really have anything to do with us working on security patches. 🙂
Cheers,
Ken.